[原文]Directory traversal vulnerability in admin/folders/saveuploadfiles.asp in Hosting Controller 2002 RC 1 allows remote authenticated users to overwrite arbitrary files via an absolute path in the OpenPath parameter.
Hosting Controller 2002 RC1 contains a flaw that may allow a remote attacker to upload files. The issue is due to saveuploadfiles.asp not verifying the value in the OpenPath variable. This may allow an attacker to upload or overwrite arbitrary files on the system.
Currently, there are no known upgrades, patches, or workarounds available to correct this issue.